首先让我说，我已经通过所有类似的帖子了，但没有解决我的问题。我也排除了服务器端是没有过错的，因为我得到适当的响应头，至少显示在提琴手和Chrome浏览器开发工具。

First of all let me say that I've gone through all similar posts but nothing solves my issue. I've also ruled out that the server-side is not at fault since I receive the proper response headers, at least as is shown in Fiddler and in Chrome Dev tools.

我使用的 Thinktecture.IdentityModel 并没有使用jquery这样在客户端验证：

I am using Thinktecture.IdentityModel and did authentication on the client side using jquery like this:

    $.ajax({
        url: tokenEndpoint,
        type: 'GET',
        // jsonp is not an option and it does not work anyway with my server setup
        dataType: "json", // including this does not help
        crossDomain: true, // including this does not help
        beforeSend: function (xhr) {
            xhr.setRequestHeader('Authorization', 'Basic xxxxx');
        },
        success: function () {
            alert('success!');
        },
        error: function(xhr, errorType, exception) {
        }
    });

下面是我得到的跟踪：

Here's the trace that I got:

* preflight CORS请求*

OPTIONS http://HOST_DOMAIN/tokenEndPoint HTTP/1.1
Host: HOST_DOMAIN
Connection: keep-alive
Access-Control-Request-Method: GET
Origin: http://ORIGIN_DOMAIN
Access-Control-Request-Headers: accept, authorization
Accept: */*
Referer: http://ORIGIN_DOMAIN/login
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8

preflight响应

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.0
Access-Control-Allow-Origin: http://ORIGIN_DOMAIN
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: accept,authorization
Content-Length: 15

{"status":"ok"}

实际AJAX请求

GET http://HOST_DOMAIN/tokenEndPoint HTTP/1.1
Host: HOST_DOMAIN
Connection: keep-alive
Accept: */*
Origin: http://ORIGIN_DOMAIN
Authorization: Basic xxxxx
Referer: http://ORIGIN_DOMAIN/login
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8

Ajax响应

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 560
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.0
X-AspNet-Version: 4.0.30319
Set-Cookie: xxxxx


{
  "access_token": "xxxxx",
  "expires_in": xxx
}

注意最后一行迹线，这是从提琴手标签上的TextView的，用于指示服务器调用成功。我可以证实，服务器调用成功，因为我调试的服务器端code和code，它返回的输出达到，并没有抛出任何错误。任何想法如何使它工作？

Notice the last line of the trace, which comes from the TextView on the Fiddler tab that indicates the server call was successful. I can confirm that the server call was successful as I debugged the server-side code and the code that returns that output was reached and did not throw any errors. Any ideas how to make it work?

推荐答案

作为你的问题的标题状态错误消息，响应缺少一个访问控制 - 允许 - 产地标头。根据响应的内容，你张贴在你的问题的结束，服务器没有包含这一头。所以，这个问题是您的服务器。您需要在您回应这个头。

As the error message in your question title states, the response is lacking an Access-Control-Allow-Origin header. According to the response contents you posted at the end of your question, the server is not including this header. So, the issue is with your server. You'll need to include this header in your response.